iojsioi posted on 2018-8-2 12:42:30

Ops Automation: Learning Puppet

1. Overview
1.1 Common use cases
  Managing configuration files, managing users, distributing files (small files recommended), managing cron jobs, grouping agents into classes, installing software, managing services, scheduled scripts, running commands, and running a script on a target agent (provided the script already exists on the agent)
1.2 Software
  Operating system:
  debian wheezy 7.2_64bit
  Linux localhost 3.2.0-4-amd64 #1 SMP Debian 3.2.51-1 x86_64 GNU/Linux
  Versions installed from packages (online install)
  ruby1.9.3 \ facter 1.6.10 \ puppet2.7.23
  Versions installed from source
  ruby-1.8.7-p374.tar.gz \ facter-1.7.4.tar.gz \
2. Installation
2.1 Prerequisite packages
  # apt-get install build-essential vim unzip ntpdate
2.2 Package install (online)
  (1) Server
  # vim /etc/hostname      // the lines following a vim command are the file contents (highlighted grey in the original)
  puppet.master.com
  # vim /etc/hosts    // when no DNS is available
  192.168.24.8   puppet.master.com
  192.168.24.14  web.agent1.com
  192.168.24.15  dydg100.agent2.com
  # apt-get install puppetmaster
  (2) Agent
  # vim /etc/hostname
  web.agent1.com
  # vim /etc/hosts    // when no DNS is available
  192.168.24.8   puppet.master.com
  192.168.24.14  web.agent1.com
  # apt-get install puppet
  # vim /etc/default/puppet
  START=yes
  (3) Version information
  # ruby -v
  ruby 1.9.3p194 (2012-04-20 revision 35410)
  # whereis ruby
  ruby: /usr/bin/ruby1.8 /usr/bin/ruby /usr/lib/ruby /usr/share/man/man1/ruby.1.gz
  # facter -v
  1.6.10
  # whereis facter
  facter: /usr/bin/facter /usr/share/man/man8/facter.8.gz
  # puppet -V
  2.7.23
  # whereis puppet
  puppet: /usr/bin/puppet /etc/puppet /usr/share/man/man8/puppet.8.gz
2.3 Source install (not fully tested; for reference only)
  (1) Install openssl
  # tar zxvf openssl-1.0.1.tar.gz
  # cd openssl-1.0.1
  # ./config -fPIC --prefix=/usr/local/openssl enable-shared
  # make && make install
  (2) Install Ruby
  ### Download page: http://cache.ruby-lang.org/pub/ruby/
  # wget http://cache.ruby-lang.org/pub/ruby/1.8/ruby-1.8.7-p374.tar.gz
  # tar zxvf ruby-1.8.7-p374.tar.gz
  # cd ruby-1.8.7-p374
  # ./configure
  # make && make install
  # cd ext/openssl    // relative to the ruby-1.8.7-p374 directory entered above
  # ruby extconf.rb --with-openssl-dir=/usr/local/openssl \
    --with-openssl-include=/usr/local/openssl/include \
    --with-openssl-lib=/usr/local/openssl/lib
  # make && make install    // otherwise installing puppet fails with: Could not load openssl; cannot install
  # whereis ruby    // ruby: /usr/local/bin/ruby /usr/local/lib/ruby
  # ruby -v         // ruby 1.8.7 (2013-06-27 patchlevel 374)
  # ruby -ropenssl -e "puts :yep"    // printing yep means the OpenSSL library Ruby depends on works
  ### Note: Ruby Chinese-language site: https://www.ruby-lang.org/zh_cn/downloads/
  (3) Install Facter
  ### Download page: http://puppetlabs.com/misc/download-options
  # wget http://downloads.puppetlabs.com/facter/facter-1.7.4.tar.gz
  # tar zxvf facter-1.7.4.tar.gz
  # cd facter-1.7.4
  # ruby install.rb
  # whereis facter    // facter: /usr/local/bin/facter
  # facter -v         // 1.7.4
  (4) Install Puppet
  ### Download page: http://puppetlabs.com/misc/download-options
  # wget http://downloads.puppetlabs.com/puppet/puppet-3.4.2.tar.gz
  # tar zxvf puppet-3.4.2.tar.gz
  # cd puppet-3.4.2
  # ruby install.rb
3. Configuration
3.1 Server
  1. puppet.conf
  # vim /etc/puppet/puppet.conf
  # the default configuration is left unchanged for now
  2. Start the master
  # /etc/init.d/puppetmaster start
3.2 Agent
  1. puppet.conf
  # vim /etc/puppet/puppet.conf
  
  logdir=/var/log/puppet
  vardir=/var/lib/puppet
  ssldir=/var/lib/puppet/ssl
  rundir=/var/run/puppet
  factpath=$vardir/lib/facter
  templatedir=$confdir/templates
  prerun_command=/etc/puppet/etckeeper-commit-pre
  postrun_command=/etc/puppet/etckeeper-commit-post
  
  # These are needed when the puppetmaster is run by passenger
  # and can safely be removed if webrick is used.
  ssl_client_header = SSL_CLIENT_S_DN
  ssl_client_verify_header = SSL_CLIENT_VERIFY
  
  server = puppet.master.com   // hostname of the puppet master
  2. /etc/default/puppet
  // fixes the startup error: puppet not configured to start, please edit /etc/default/puppet to enable
  # vim /etc/default/puppet
  START=yes
  3. Start the agent
  # /etc/init.d/puppet start
3.3 Certificates
3.3.1 Certificate enrolment
  (1) Agent sends a certificate request
  # puppet agent --test
  (2) Master lists the pending requests
  # puppet cert list --all
  (3) Master signs the request
  # puppet cert sign web.agent1.com
  (4) Agent confirms that enrolment succeeded
  # puppet agent --test
  info: Caching catalog for web.agent1.com
  info: Applying configuration version '1392266761'
  notice: Finished catalog run in 0.03 seconds
  (5) Start the master and the agent
3.3.2 Replacing a certificate
  ### Agent
  # /etc/init.d/puppet stop
  # rm -rf /var/lib/puppet
  ### Master
  # puppet cert clean web.agent1.com    // revoke and remove the agent's certificate
  # puppet cert list --all   // list the requests held by the master
  ### Agent
  # puppetd --server puppet.master.com --test    // generate a new key and certificate request
  info: Caching catalog for web.agent1.com
  info: Applying configuration version '1392265820'
  notice: Finished catalog run in 0.03 seconds
  ### Master
  # puppet cert list --all   // list every agent: a leading + means the certificate is signed and the agent can communicate; no + means it has not been signed yet
  "web.agent1.com"   // no +, so not yet signed; it must be signed again
  # puppet cert sign web.agent1.com   // sign the request to complete enrolment
  ### Agent
  // verify that it works
  # puppet agent --test --noop --server puppet.master.com
  info: Caching catalog for web.agent1.com
  info: Applying configuration version '1392266401'
  notice: Finished catalog run in 0.03 seconds
3.3.3 Automatic signing on the master
  (1) On the master
  # vim /etc/puppet/puppet.conf
  
  autosign = /etc/puppet/autosign.conf
  # vim /etc/puppet/autosign.conf
  web.agent1.com
  game.agent2.com
3.4 Agent test
  # puppet agent --test --noop --server puppet.master.com
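  The triage step in 3.3.2 (reading the + marker) and the host list in 3.3.3 can be combined into one check that runs before anyone types `puppet cert sign`. The script below is an added example and is not from the original post: it parses a constructed sample in the format of `puppet cert list --all` output (a leading + marks a signed certificate; a bare quoted certname is a pending request), splits signed from pending certnames, and flags every pending request whose certname is not in an expected-host list written in the same one-name-per-line format as autosign.conf. The sample output, the fingerprints and the expected-host list are all constructed for the example.

```shell
#!/bin/sh
# Added example (not from the original post): triage `puppet cert list --all`
# output against an expected-host list before signing anything.

# Constructed sample of `puppet cert list --all` output; not captured from a real master.
SAMPLE_CERT_LIST='+ "puppet.master.com" (AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99)
+ "web.agent1.com" (11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00)
  "dydg100.agent2.com" (99:88:77:66:55:44:33:22:11:00:FF:EE:DD:CC:BB:AA)
  "unknown.box.example" (00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF)'

# Constructed allow-list, one certname per line, the same shape as autosign.conf.
EXPECTED_HOSTS='web.agent1.com
dydg100.agent2.com'

# pending_certs LIST: certnames of requests that have not been signed yet.
pending_certs() {
    printf '%s\n' "$1" | grep -v '^+' | sed -n 's/^[[:space:]]*"\([^"]*\)".*/\1/p'
}

# signed_certs LIST: certnames that already carry a signed certificate.
signed_certs() {
    printf '%s\n' "$1" | sed -n 's/^+[[:space:]]*"\([^"]*\)".*/\1/p'
}

# unexpected_pending LIST ALLOW: pending certnames that are NOT in the allow-list.
# These are the requests to investigate rather than sign.
unexpected_pending() {
    cert_list=$1
    allow=$2
    for name in $(pending_certs "$cert_list"); do
        if ! printf '%s\n' "$allow" | grep -qxF "$name"; then
            printf '%s\n' "$name"
        fi
    done
}

# sign_command LIST ALLOW: the exact command to run for each expected pending certname.
sign_command() {
    cert_list=$1
    allow=$2
    for name in $(pending_certs "$cert_list"); do
        if printf '%s\n' "$allow" | grep -qxF "$name"; then
            printf 'puppet cert sign %s\n' "$name"
        fi
    done
}

# Demo on the constructed sample.
echo "pending but not expected (investigate, do not sign):"
unexpected_pending "$SAMPLE_CERT_LIST" "$EXPECTED_HOSTS"
echo "ready to sign:"
sign_command "$SAMPLE_CERT_LIST" "$EXPECTED_HOSTS"
```

  On a real master, replace the constructed string with the output of `puppet cert list --all` and the allow-list with the contents of autosign.conf. The reason for the check is that the certname in a request is whatever the agent itself is configured with, so a name appearing in the pending list proves nothing about which machine sent it; keep the expected-host list limited to hosts you are actually bringing up and review anything outside it before signing.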
4. User and group resources
  # puppet -V   2.7.23
4.1 Directory layout
  # tree puppet
  puppet
  ├── auth.conf
  ├── etckeeper-commit-post
  ├── etckeeper-commit-pre
  ├── fileserver.conf
  ├── manifests
  │   ├── modules.pp
  │   ├── nodes
  │   │   ├── gameapp
  │   │   │   └── agent2.pp
  │   │   ├── gamedb
  │   │   │   └── agent1.pp
  │   │   └── site.pp
  │   └── site.pp
  ├── modules
  │   └── users
  │       ├── file
  │       ├── manifests
  │       │   ├── addgroup.pp
  │       │   ├── adduser.pp
  │       │   └── init.pp
  │       └── templates
  │           ├── laowafang_authorized_keys.erb
  │           ├── dada_authorized_keys.erb
  │           ├── zhiban1_authorized_keys.erb
  │           └── zw_authorized_keys.erb
  ├── puppet.conf
  └── templates
4.2 Procedure
4.2.1 Create the module directories
  # cd /etc/puppet/modules
  # mkdir -p users/{manifests,templates,files}
  # touch users/manifests/init.pp
  # touch users/manifests/addgroup.pp
  # touch users/manifests/adduser.pp
4.2.2 users module manifests
  (1) init.pp, the module entry point; it must exist
  # cat /etc/puppet/modules/users/manifests/init.pp
  class users {
    # entry-point class; it carries no resources of its own
    # (the original had `include users` here, which is a no-op inside the class itself)
  }
  (2) addgroup.pp, a defined type that creates user groups
  # cat /etc/puppet/modules/users/manifests/addgroup.pp
  define users::addgroup ($groupname='')
  {
    include users
    # $groupname may be a single name or an array; each entry becomes one group resource
    group { $groupname:
      ensure => present,
    }
  }
  (3) adduser.pp, a defined type that creates a user
  # cat /etc/puppet/modules/users/manifests/adduser.pp
  define users::adduser ($username='', $useruid='', $userhome='', $usershell='/bin/bash', $groupid)
  {
    include users
    user { $username:
      ensure => present,
      uid    => $useruid,
      shell  => $usershell,
      gid    => $groupid,
      home   => "/home/$userhome",
    }
    file { "/home/$userhome":
      ensure  => directory,
      owner   => $useruid,
      group   => $groupid,    # the user's primary group (the original used $useruid, a gid that need not exist)
      mode    => '0700',
    }
    file { "/home/$userhome/.ssh":
      ensure  => directory,
      owner   => $useruid,
      group   => $groupid,
      mode    => '0700',
      require => File["/home/$userhome"],
    }
    file { "/home/$userhome/.ssh/authorized_keys":
      ensure  => present,
      owner   => $useruid,
      group   => $groupid,
      mode    => '0600',
      content => template("users/${userhome}_authorized_keys.erb"),
      require => File["/home/$userhome/.ssh"],
    }
  }
  (4) The *.erb files under templates hold each user's SSH public keys (the authorized_keys content)
4.2.3 Node definitions that create the users and groups
  1. Create the node files
  # mkdir -p /etc/puppet/manifests/nodes/gamedb
  # mkdir -p /etc/puppet/manifests/nodes/gameapp
  # touch /etc/puppet/manifests/modules.pp
  # touch /etc/puppet/manifests/site.pp
  # touch /etc/puppet/manifests/nodes/site.pp
  # touch /etc/puppet/manifests/nodes/gamedb/agent1.pp
  # touch /etc/puppet/manifests/nodes/gameapp/agent2.pp
  2. File contents
  (1) modules.pp
  # cat /etc/puppet/manifests/modules.pp
  import "users"
  (2) site.pp
  # cat /etc/puppet/manifests/site.pp
  import "nodes/site.pp"
  import "modules.pp"
  #user { 'zw':         // the commented-out resources are for testing removal of the users from all nodes
  #  ensure => absent,
  #}
  #user { 'laowafang':
  #  ensure => absent,
  #}
  (3) nodes/site.pp
  # cat /etc/puppet/manifests/nodes/site.pp
  import "gamedb/agent1.pp"
  import "gameapp/agent2.pp"
  (4) agent1.pp
  # cat /etc/puppet/manifests/nodes/gamedb/agent1.pp
  node "web.agent1.com" {
    include users
    users::addgroup { 'allgroup':
      groupname => [ 'yanfa', 'ywsa', 'ywdba', 'zhiban' ],
    }
    users::adduser { 'zw':
      username => 'zw',
      useruid  => 1000,
      userhome => 'zw',
      groupid  => 'ywsa',
    }
    users::adduser { 'laowafang':
      username => 'laowafang',
      useruid  => 1001,
      userhome => 'laowafang',
      groupid  => 'ywdba',
    }
  }
  (5) agent2.pp
  # cat /etc/puppet/manifests/nodes/gameapp/agent2.pp
  node "dydg100.agent2.com" {
    include users
    users::addgroup { 'allgroup':
      groupname => [ 'ywsa', 'ywdba', 'yanfa', 'zhiban' ],
    }
    users::adduser { 'zw':
      username => 'zw',
      useruid  => 1000,
      userhome => 'zw',
      groupid  => 'ywsa',
    }
    users::adduser { 'dada':
      username => 'dada',
      useruid  => 1001,
      userhome => 'dada',
      groupid  => 'yanfa',
    }
    users::adduser { 'zhiban1':
      username => 'zhiban1',
      useruid  => 1002,
      userhome => 'zhiban1',
      groupid  => 'zhiban',
    }
  }
4.2.4 Agent test
  ### run on each of the two agents
  # puppet agent --test --noop --server puppet.master.com    // dry run to check the catalog
  info: Caching catalog for web.agent1.com
  info: Applying configuration version '1393300345'
  ...(output omitted)
  notice: Finished catalog run in 0.10 seconds
  # puppet agent --test --server puppet.master.com    // actually create the users and groups
5. Common operations
  # puppet parser validate adduser.pp    // check syntax
  # puppet master --genconfig | grep modulepath    // check the module path in effect
  # puppet module list    // list installed modules
  ### This is as far as I have got. The main aim was to work out the software's directory layout and how it runs; there is no detailed explanation here, it is basically hands-on steps, so please look up other material as well. Recommended books: Liu Yu's 《puppet实战》 (Puppet in Practice) and 《精通puppet配置管理工具》 (Pro Puppet), translated by Gao Yongchao. I will add the rest when I have time...
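  The `--noop` run above only reports problems once the master can compile the catalog, and a missing key template or a uid typed twice in a node file is cheap to catch before that. The script below is an added example, not part of the original post, and needs no Puppet installation: it builds a constructed copy of the layout from 4.2.2 and 4.2.3 in a temporary directory (with a duplicate uid and a missing template planted on purpose) and checks three things the page's `users::adduser` define relies on: that every `userhome` has a `templates/<userhome>_authorized_keys.erb`, that no uid is assigned twice in one node file, and that every non-comment line in a template starts with a recognised key type. The fixture content, the placeholder key string and the function names are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the original post): offline pre-flight check for the
# users module layout, assuming the post's conventions (node files under
# manifests/nodes/<dir>/<node>.pp, `useruid =>` / `userhome =>` parameters, one
# templates/<userhome>_authorized_keys.erb per user).

# build_fixture ROOT: constructed copy of the layout with two planted faults
# (a duplicate uid and a user whose key template is missing).
build_fixture() {
    root=$1
    mkdir -p "$root/manifests/nodes/gamedb" "$root/modules/users/templates"
    cat > "$root/manifests/nodes/gamedb/agent1.pp" <<'EOF'
node "web.agent1.com" {
  include users
  users::adduser { 'zw':
    username => 'zw',
    useruid  => 1000,
    userhome => 'zw',
    groupid  => 'ywsa',
  }
  users::adduser { 'laowafang':
    username => 'laowafang',
    useruid  => 1000,
    userhome => 'laowafang',
    groupid  => 'ywdba',
  }
}
EOF
    # Constructed placeholder, not a real public key.
    printf '%s\n' 'ssh-rsa AAAAB3PLACEHOLDER zw@laptop' \
        > "$root/modules/users/templates/zw_authorized_keys.erb"
    # No laowafang_authorized_keys.erb: template() would abort catalog compilation.
}

# userhomes FILE: userhome values declared in one node manifest.
userhomes() {
    sed -n "s/^[[:space:]]*userhome[[:space:]]*=>[[:space:]]*'\([^']*\)'.*/\1/p" "$1"
}

# missing_templates ROOT: userhomes with no matching authorized_keys template.
missing_templates() {
    for f in "$1"/manifests/nodes/*/*.pp; do
        for h in $(userhomes "$f"); do
            [ -f "$1/modules/users/templates/${h}_authorized_keys.erb" ] || printf '%s\n' "$h"
        done
    done
}

# duplicate_uids FILE: uid values given to more than one user in one node manifest.
duplicate_uids() {
    sed -n 's/^[[:space:]]*useruid[[:space:]]*=>[[:space:]]*\([0-9][0-9]*\).*/\1/p' "$1" | sort | uniq -d
}

# bad_key_lines ROOT: template lines that are neither blank, a comment, nor a known key type.
bad_key_lines() {
    for t in "$1"/modules/users/templates/*_authorized_keys.erb; do
        grep -v '^[[:space:]]*#' "$t" | grep -v '^[[:space:]]*$' \
            | grep -Ev '^(ssh-rsa|ssh-ed25519|ssh-dss|ecdsa-sha2-nistp(256|384|521)) ' \
            | sed "s|^|$t: |"
    done
}

# run_checks ROOT: print every finding; exit status 0 only when the tree is clean.
run_checks() {
    root=$1
    findings=0
    for h in $(missing_templates "$root"); do
        echo "missing template: modules/users/templates/${h}_authorized_keys.erb"
        findings=$((findings + 1))
    done
    for f in "$root"/manifests/nodes/*/*.pp; do
        for u in $(duplicate_uids "$f"); do
            echo "uid $u assigned more than once in $f"
            findings=$((findings + 1))
        done
    done
    badkeys=$(bad_key_lines "$root" | grep -c . || true)
    [ "$badkeys" -eq 0 ] || { bad_key_lines "$root"; findings=$((findings + badkeys)); }
    [ "$findings" -eq 0 ]
}

# Demo on the constructed fixture (the post's own node files use distinct uids 1000/1001).
tmp=$(mktemp -d)
build_fixture "$tmp"
run_checks "$tmp" || echo "fix the findings above before running puppet agent --test"
rm -rf "$tmp"
```

  Point `run_checks` at /etc/puppet on the master to check the real tree; the key-type check is the one to extend if the templates are allowed to carry `from=` or `command=` options in front of the key.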